§ 317.30 - Individual access to records.  

(a) Right of access (1) The access provisions of this part are for individuals who are subjects of records maintained in DCAA systems of records.

(2) All information that can be released consistent with applicable laws and regulations should be made available to the subject of record.

(b) Notification of record's existence. Record managers of system of records shall establish procedures for notifying an individual, in response to a request, if the system of records contains a record pertaining to him or her.

(c) Individual requests for access. (1) Individuals shall address requests for access to records in systems of records to the responsible system manager or the regional Privacy Act officer.

(2) Requests for access may be oral or written; however, only written requests are to be maintained in the Privacy Act case file and counted when compiling the annual Privacy Act report.

(d) Verifying identity. (1) An individual shall provide reasonable verification of identity before obtaining access to records.

(2) Procedures for verifying identity shall not be complicated merely to discourage individuals from seeking access to records.

(3) When an individual seeks access in person, identification can be verified by documents normally carried by the individual, such as an identification card, driver's license, or other license, permit or pass normally used for identification purposes.

(4) When access is requested other than in person, identity may be verified by the individual's providing minimum identifying data such as full name, date and place of birth, or other information necessary to locate the record sought. If the information sought is sensitive, additional identifying data may be required.

(5) The individual may be accompanied by a person of his or her choice when viewing the record; however, the individual may be required to provide written authorization to have the record discussed in front of the other person.

(6) An individual shall not be denied access to a record solely for refusing to divulge the SSN, unless it is the only means of retrieving the record or verifying identity.

(7) An individual shall not be required to explain why he or she is seeking access to a record.

(8) Only a designated denial authority may deny access. The denial must be in writing.

(9) If notarization of requests is required for access, procedures shall be established for an alternate method of verification for individuals who do not have access to notary services, such as military members overseas. The following formats may be used as prescribed by 28 U.S.C. 1746:

(i) If executed outside of the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

(ii) If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

(e) Granting individual access to records. (1) The individual should be granted access to the original record (or exact copy) without any changes or deletions. A record that has been amended is considered the original.

(2) The individual's request should be granted for an exact copy of the record, and, upon the signed authorization of the individual, a copy should be provided to anyone designated by the individual. In either case, the copying fees may be assessed to the individual.

(3) If requested, explain any record or portion of a record that is not understood, as well as any changes or deletions.

(f) Illegible, incomplete, or exempt records. (1) Illegible or incomplete records. Individual access should not be denied solely because the physical condition or format of the record does not make it readily available, such as when the record is in a deteriorated state or on magnetic tape. In this case, the document should be recopied exactly or an extract can be prepared.

(2) Exempt records. A request for a record that is wholly or partially exempt from access shall also be processed under the Freedom of Information Act (FOIA). The requester shall be granted access to all information that is releasable under either this part or the FOIA. The agency may provide this information in the form of an extract or summary of the record. The provisions of this rule or the FOIA under which access was granted should be cited.

(g) Access to medical and psychological records. (1) Individual access to medical and psychological records should be provided, even if the individual is a minor, unless it is determined that access could have an adverse effect on the mental or physical health of the individual. This determination normally should be made in consultation with a medical practitioner.

(2) If it is medically indicated that access could have an adverse mental or physical effect on the individual, the record should be provided to a medical practitioner named by the individual, along with an explanation why access without medical supervision could be harmful to the individual.

(3) The named medical practitioner should not be required to request the record for the individual.

(4) If the individual refuses or fails to designate a medical practitioner, access shall be refused. The refusal is not considered a denial for reporting purposes under the Privacy Act.

(h) Access by parents and legal guardians. (1) The parent of any minor, an individual under 18 years of age who is neither a member of a Military Service nor married, or the legal guardian of any individual declared by a court of competent jurisdiction to be incompetent due to physical or mental incapacity or age, may obtain access to the record of the minor or incompetent individual if the parent or legal guardian is acting on behalf of the minor or incompetent (i.e., for the benefit of the minor or incompetent). However, with respect to access by parents and legal guardians to medical records and medical determinations about minors, observe the following procedures:

(i) In the United States, the laws of the state where the records are located might afford special protection to certain medical records such as drug and alcohol abuse treatment records and psychiatric records. The state statutes might apply even if the records are maintained by a military medical facility.

(ii) For installations located outside the United States, the parent or legal guardian of a minor shall be denied access if all four of the following conditions are met:

(A) The minor at the time of the treatment or consultation was 15, 16, or 17 years old.

(B) The treatment or consultation was within a program authorized by law or regulation to provide confidentiality to the minor.

(C) The minor specifically indicated a desire that the treatment or consultation record be handled in confidence and not disclosed to a parent or guardian, and

(D) The parent or legal guardian does not have the written authorization of the minor or a valid court order granting access.

(2) A minor or incompetent has the same right of access as any other individual. The right of access of the parent or legal guardian is in addition to that of the minor or incompetent.

(i) Access to information compiled in anticipation of a civil proceeding. (1) An individual is not entitled to access information compiled in reasonable anticipation of a civil action or proceeding.

(2) The term “civil action or proceeding” includes quasi-judicial and pretrial judicial proceedings as well as formal litigation.

(3) Paragraphs (i)(1) and (2) of this section do not prohibit access to records compiled or used for purposes other than litigation, nor prohibit access to systems of records solely because they are frequently subject to litigation. The information must have been compiled for the primary purpose of litigation.

(4) Attorney work products prepared in conjunction with the paragraphs (i)(1) and (2) of this section are also protected.

(j) Non-agency records. (1) Certain documents under the control of DCAA personnel and used to assist them in performing official functions may not be considered agency records within the meaning of this part. Such documents, if maintained in accordance with the following subparagraph, are not systems of records that are subject to this part. Examples are personal telephone lists and personal notes kept to refresh the memory of the author.

(2) To be considered non-agency records, the documents must:

(i) Be maintained and discarded solely at the discretion of the author.

(ii) Be created only for the author's personal convenience.

(iii) Not be the result of official direction or encouragement, whether oral or written; and

(iv) Not be shown to other persons for any reason.

(k) Relationship between the Privacy Act and the Freedom of Information Act (FOIA). (1) Access requests that specifically state or reasonably imply that they are made under the Freedom of Information Act (5 U.S.C. 552), are processed pursuant to DCAA Regulation 5410.10 (32 CFR part 290).

(2) Access requests that specifically state or reasonably imply that they are made under the Privacy Act of 1974 (5 U.S.C. 552a) are processed pursuant to this part.

(3) Access requests that cite both the FOIA and the Privacy Act are processed under the Act that provides the greater degree of access. The requester should be informed which Act was used in granting or denying access.

(4) Individual access should not be denied to records otherwise releasable under the Privacy Act or the Freedom of Information Act solely because the request does not cite the appropriate statute.

(l) Time limits. Access requests should be acknowledged within 10 working days after receipt, and access should be granted or denied within 30 working days, excluding Federal holidays.